Please read the following information carefully. This privacy notice contains information about what personal data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.
WHO WE ARE?
Ascertus Limited collects, uses and is responsible for personal information about our customers. When we do this we are the ‘controller’ of this information for the purposes of the UK GDPR, the General Data Protection Regulation and other applicable data protection laws.
We may also process personal data on behalf of our customers regarding their clients. When we do this we are a ‘Data Processor’.
Ascertus Limited is registered at Companies House, the United Kingdom’s registrar of companies. Our registration number is 08893788. Our registered address is The Old Store, Mascalls Pound Farm, Maidstone Road, Kent TN12 6LT, United Kingdom. We do not have any offices outside of the United Kingdom.
Ascertus Limited operate out of Pennine Place, 2A Charing Cross Road, London, WC2H 0HF, United Kingdom.
Our Data Protection contact is Ceri Russell, Operations Manager.
Responsibility for Data Protection at Ascertus Limited
Ascertus Limited does not meet the criteria of the mandatory appointing of a Data Protection Officer and the Directors (Roy Russell, MD and Jon Wainwright, Sales Director) take full responsibility for Data Protection within the Company.
WHAT DO WE DO WITH YOUR INFORMATION?
Information collected by us
When carrying out the marketing and supply of our contractual duties including (but not limited to) consultancy, support, hosting and software implementation services, we collect the following personal information that you provide to us:
- Full name
- Business email
- Business phone number
Information collected from other sources
We collect the following information from other relevant third parties such as your company’s website, Companies House, software partners, industry publications, industry events, LinkedIn and other publicly available databases.
- Full name
- Business email
- Business phone number
Information we may access on your behalf
In the course of the services we provide, you may require that we access your client data. This can include any or all of the personal data categories that you collect from your clients potentially including special category data.
HOW WE USE YOUR PERSONAL INFORMATION
We use your personal information for the following purposes:
- To negotiate the agreed Statement of Work and signed contract between Ascertus Limited and your Company. (Your personal data)
- To provide information and marketing for events, products, publications and services where there is a legitimate interest. (Your personal data)
- To perform the services that you have contracted with us. (Your clients' personal data)
WHETHER INFORMATION HAS TO BE PROVIDED BY YOU, AND WHY?
This personal information (names and business contact details) must be provided by you to us, to enable us to fulfil our contractual obligations. When we collect information from you, we will inform you whether you are required to provide this information to us.
LEGAL REASONS WE COLLECT AND USE YOUR PERSONAL INFORMATION
We rely on the following legal bases for processing your information:
- Necessary for the performance of a contract.
- Necessary for the purpose of legitimate interests (pursuing the commercial aims and objectives of Ascertus Limited).
- Necessary for compliance with a legal obligation to which Ascertus is subject.
WHO WILL WE SHARE YOUR PERSONAL INFORMATION WITH?
We have relationships with a number of third parties that we may share names and business contact details with. For a list of these third parties please see contact us.
This data sharing enables us to meet contractual obligations including providing software licences, support services and some hosting services. It may, on occasion, also be used for legitimate interest purposes to keep you informed of events, articles, updates and products and services which may be of interest.
We will share personal information with law enforcement agencies if required by applicable law.
We will not share your personal information with any other third parties without your consent and we will never sell personal data.
TRANSFER OF YOUR INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
It may be necessary to transfer your personal information outside the UK or EEA or to an international organisation in order to obtain specific support information. A list of all third countries that your personal data may be transferred to can be requested.
These countries may not have same data protection laws as the United Kingdom and EEA. However any transfer will be subject to safeguards as permitted under the UK GDPR and the General Data Protection Regulation. These safeguards are designed to protect your privacy rights and provide you with remedies in the unlikely event that your personal information is misused. You are entitled to obtain a copy of the safeguards that have been made available to you.
Whenever a cross-border data transfer is required to meet our contracted services we will ensure that either a) the destination is deemed adequate by the EU or b) Standard Contractual Clauses are in place. Where the destination jurisdiction have far reaching surveillance laws or do not offer adequate data subject rights we will ensure the appropriate supplemental measures are in place.
If you would like any further information please contact us (see ‘Get in touch’ below).
HOW LONG WILL WE STORE YOUR PERSONAL DATA?
Personal data obtained and processed in relation to a contractual obligation will be stored until the contract has ended; at which point the data will be archived to allow for continuity and context should a new contract be raised or any queries or legal matters arise in future. Archived data will be retained for a further six years starting from the termination date (not notice date) of any contract.
Under the UK GDPR and the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
- Transparency over how we use your personal data and fair processing of your information;
- Access to your personal information and other supplementary information;
- Require us to correct any mistakes or complete missing information we hold on you;
- Require us to erase your personal information in certain circumstances;
- Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
- Object at any time to processing of your personal information for direct marketing;
- Object in certain other situations to the continued processing of your personal information;
- Restrict our processing of your personal information in certain circumstances;
- Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way;
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR.
If you want to exercise any of these rights, please:
- Email firstname.lastname@example.org, call +44 (0) 20 3126 4960 or write to us at: Ascertus Limited, The Old Store, Mascalls Pound Farm, Maidstone Road, Kent TN12 6LT, United Kingdom.
- We may need to contact you to request further information to verify your identity;
- State the right or rights that you wish to exercise;
- We will respond to you within one month from when we receive your request.
Please note if you wish to unsubscribe from any email you can do so by following the link in the email or email email@example.com. It may take up to five days for this to become effective.
HOW TO MAKE A COMPLAINT
We hope that you are happy with our service and that we can resolve any issues or complaints that arise. Please get in touch if you have any concerns (see ‘Get in touch’ below).
The UK GDPR and the General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.
Ascertus have deployed appropriate technical and organisational measures including strict policies governing information technology and data handling. These cover areas such as access control, authentication, audit, monitoring, alarms, data storage, back up, transmission standards and environment integrity. Ascertus will use reasonable endeavours to install and have appropriate security measures in place in our facilities to protect against the loss, misuse or alteration of information that we have collected from you.
All personal data stored by Ascertus will reside on equipment located in the UK or EU.
If you would like further details please contact Ceri Russell.
We will not process your personal data for any reason other than stated within this privacy notice. If this changes, we will inform you by email.
CHANGES TO THIS PRIVACY NOTICE
This privacy notice was published on 25th May 2018 and will be reviewed periodically in line with updated guidance and legislation changes.
We constantly review our internal privacy practices and may change this policy from time to time.
GET IN TOUCH
If you have any questions about this privacy notice or the information we hold about you, please contact us via firstname.lastname@example.org or +44 (0) 20 3126 4960.
If it would be helpful to have this notice provided in another format (for example: in another language, audio, braille) please contact us (see ‘Get in touch’ above).
Ready to Change the Way You Work?